Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51f05f29 by Chris Lamb at 2021-08-04T09:40:15+01:00
data/dla-needed.txt: Triage asterisk for stretch LTS (CVE-2021-32558)

- - - - -
ea07e5cd by Chris Lamb at 2021-08-04T09:40:15+01:00
data/dla-needed.txt: Claim asterisk.

- - - - -
23e1f33e by Chris Lamb at 2021-08-04T09:40:16+01:00
Triage CVE-2021-37746 in claws-mail for stretch LTS.

- - - - -
e2df920a by Chris Lamb at 2021-08-04T09:40:17+01:00
Triage CVE-2021-37746 in sylpheed for stretch LTS.

- - - - -
de900ab3 by Chris Lamb at 2021-08-04T09:40:18+01:00
Triage CVE-2021-37601 in prosody for stretch LTS.

- - - - -
d878edcc by Chris Lamb at 2021-08-04T09:40:19+01:00
Triage CVE-2020-36421, CVE-2020-36422, CVE-2020-36423, CVE-2020-36424, 
CVE-2020-36425 & CVE-2020-36426 in mbedtls for stretch LTS.

- - - - -
1e724bfb by Chris Lamb at 2021-08-04T09:40:20+01:00
Triage CVE-2021-32785, CVE-2021-32786, CVE-2021-32791 & CVE-2021-32792 in 
libapache2-mod-auth-openidc for stretch LTS.

- - - - -
adaa8d08 by Chris Lamb at 2021-08-04T09:40:56+01:00
data/dla-needed.txt: Triage pjproject for stretch LTS (CVE-2021-32686)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -713,8 +713,10 @@ CVE-2021-37747
 CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 
3.18.0, ...)
        - claws-mail <unfixed> (bug #991722)
        [buster] - claws-mail <no-dsa> (Minor issue)
+       [stretch] - claws-mail <no-dsa> (Minor issue)
        - sylpheed <unfixed> (bug #991723)
        [buster] - sylpheed <no-dsa> (Minor issue)
+       [stretch] - sylpheed <no-dsa> (Minor issue)
        NOTE: 
https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431
 CVE-2021-3672
        RESERVED
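
Review bot: both added `[stretch]` lines for CVE-2021-37746 copy the buster reason verbatim, and nothing in the entry records whether textview_uri_security_check in the stretch versions of claws-mail and sylpheed was actually checked. The only NOTE points at a Claws Mail commit, so the sylpheed line in particular has no reference behind it; a short NOTE saying the stretch code was inspected (or that sylpheed shares the same function) would make the triage verifiable.
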
@@ -1430,6 +1432,7 @@ CVE-2021-23183
 CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote 
attackers t ...)
        - prosody 0.11.9-2
        [buster] - prosody <no-dsa> (Minor issue)
+       [stretch] - prosody <no-dsa> (Minor issue)
        NOTE: https://prosody.im/security/advisory_20210722/
 CVE-2021-37404
        RESERVED
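
Review bot: the added `[stretch] - prosody <no-dsa> (Minor issue)` line sits under a description that limits CVE-2021-37601 to Prosody 0.11.0 through 0.11.9. If the stretch package predates 0.11.0, `<not-affected>` with a short reason would describe it more accurately than `<no-dsa>`; if it is in range, a NOTE recording that the stretch version was checked would help.
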
@@ -2806,24 +2809,30 @@ CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an 
application crash via a mal
 CVE-2020-36426 (An issue was discovered in Arm Mbed TLS before 2.24.0. 
mbedtls_x509_cr ...)
        - mbedtls 2.16.9-0.1
        [buster] - mbedtls <no-dsa> (Minor issue)
+       [stretch] - mbedtls <no-dsa> (Minor issue)
 CVE-2020-36425 (An issue was discovered in Arm Mbed TLS before 2.24.0. It 
incorrectly  ...)
        - mbedtls 2.16.9-0.1
        [buster] - mbedtls <no-dsa> (Minor issue)
+       [stretch] - mbedtls <no-dsa> (Minor issue)
        NOTE: https://github.com/ARMmbed/mbedtls/issues/3340
        NOTE: https://github.com/ARMmbed/mbedtls/pull/3433
 CVE-2020-36424 (An issue was discovered in Arm Mbed TLS before 2.24.0. An 
attacker can ...)
        - mbedtls 2.16.9-0.1
        [buster] - mbedtls <no-dsa> (Minor issue)
+       [stretch] - mbedtls <no-dsa> (Minor issue)
        NOTE: 
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
 CVE-2020-36423 (An issue was discovered in Arm Mbed TLS before 2.23.0. A 
remote attack ...)
        - mbedtls 2.16.9-0.1
        [buster] - mbedtls <no-dsa> (Minor issue)
+       [stretch] - mbedtls <no-dsa> (Minor issue)
 CVE-2020-36422 (An issue was discovered in Arm Mbed TLS before 2.23.0. A side 
channel  ...)
        - mbedtls 2.16.9-0.1
        [buster] - mbedtls <no-dsa> (Minor issue)
+       [stretch] - mbedtls <no-dsa> (Minor issue)
 CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because 
of a si ...)
        - mbedtls 2.16.9-0.1
        [buster] - mbedtls <no-dsa> (Minor issue)
+       [stretch] - mbedtls <no-dsa> (Minor issue)
        NOTE: https://github.com/ARMmbed/mbedtls/issues/3394
 CVE-2021-36774
        RESERVED
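
Review bot: six `[stretch] - mbedtls <no-dsa> (Minor issue)` lines are added with the same generic reason, and the entries for CVE-2020-36426, CVE-2020-36423 and CVE-2020-36422 carry no NOTE at all, so a reader cannot tell what the stretch decision rests on. Adding the upstream reference as a NOTE to those three, or a more specific reason than "Minor issue" per CVE, would let the next triager confirm each one without redoing the research.
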
@@ -11947,12 +11956,14 @@ CVE-2021-32793
 CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
        [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+       [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751
 (v2.4.9)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56
 (v2.4.9)
 CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991581)
        [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+       [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c
 (v2.4.9)
 CVE-2021-32790 (Woocommerce is an open source eCommerce plugin for WordPress. 
An SQL i ...)
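
Review bot: the `[stretch]` lines for CVE-2021-32792 and CVE-2021-32791 use `<no-dsa> (Minor issue)` even though the NOTE lines already identify the upstream fix commits (v2.4.9). If the intent is to pick these up in a later stretch upload, `<postponed>` with a reason says so explicitly; if not, a few words on why the issue is minor for stretch would be more useful than repeating the buster text.
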
@@ -11966,11 +11977,13 @@ CVE-2021-32787 (Sourcegraph is a code search and 
navigation engine. Sourcegraph
 CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
        [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+       [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544
 (v2.4.9)
 CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
        - libapache2-mod-auth-openidc 2.4.9-1 (bug #991583)
        [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+       [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449
 (v2.4.9)
 CVE-2021-32784


=====================================
data/dla-needed.txt
=====================================
@@ -18,6 +18,8 @@ ansible
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
+asterisk (Chris Lamb)
+--
 ceph (Markus Koschany)
   NOTE: 20200707: Vulnerable to at least CVE-2018-14662. (lamby)
   NOTE: 20200707: Some discussion regarding removal 
<https://lists.debian.org/debian-lts/2020/04/msg00019.html> (lamby)
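
Review bot: the new `asterisk (Chris Lamb)` entry has no NOTE, unlike the neighbouring ansible and ceph entries, and CVE-2021-32558 is named only in the commit message. A dated NOTE naming the CVE would let the entry be understood from data/dla-needed.txt alone.
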
@@ -76,6 +78,9 @@ openjdk-8 (Emilio)
 --
 pillow (codehelp)
 --
+pjproject
+  NOTE: 20210804: Check notes on CVE (especially re. src:ring). (lamby)
+--
 postgresql-9.1
   NOTE: 20210803: See "Subject: packages in *-lts newer than in subsequent 
releases"
 --
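
Review bot: the NOTE added under `pjproject` says "Check notes on CVE" without saying which CVE; the commit message gives CVE-2021-32686. Naming it in the NOTE, with a few words on what the src:ring concern is, would save whoever claims the package a lookup.
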



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4452b7f7603c9b0f4650943e86cb0cbdffbc9f2a...adaa8d08ac9c22a20ad83c54617c312364d9331b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
